jmr3460 Posted April 12, 2009 Share Posted April 12, 2009 I am looking for a way to password protect my admin pages for multiple users. I was thinking that I can use a DB table with username and password as values. I think that if a form is not set then echo a form that is a username and password. I think that it would need to set a cookie to authorize the same pages as long as they are in the same browser session. Can anyone help? Quote Link to comment Share on other sites More sharing options...
lewisstevens1 Posted April 13, 2009 Share Posted April 13, 2009 Well im not sure if this will help you. but i done something like that. I first added a file called connect2.php where i had like my connection functions to connect then i created simple html doc called main_login.php where i just used input fields for the data <input name="myusername" type="text" id="myusername"><input name="mypassword" type="text" id="mypassword"> then created a new file called checklogin.php <?php require_once 'connect2.php'; // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { echo "Invalid Username or Password"; } ?> then created a doc called login_success.php <? session_start(); if(!session_is_registered(myusername)){ header("location:http://www.whatever.com ?> then for the logout i used <? session_start(); session_destroy(); header("location:http://www.whatever.com"); ?> something like that i think. Quote Link to comment Share on other sites More sharing options...
lewisstevens1 Posted April 13, 2009 Share Posted April 13, 2009 Did it work? Quote Link to comment Share on other sites More sharing options...
jmr3460 Posted April 13, 2009 Author Share Posted April 13, 2009 I am still working on it I seem to be getting an error with the $count: $count=mysql_num_rows($result); Can you help? Then it says that user and password not valid. Could it also be the fact that I have not created my login_success.php or my logout yet. Are these files the ones that redirect my to the actual page that I am protecting? Quote Link to comment Share on other sites More sharing options...
jmr3460 Posted April 13, 2009 Author Share Posted April 13, 2009 OK I am looking at another script. I have got it to where I redirects me back to my login page. I can't find out why it will not go though to my secret page. I think that it is not detecting the right password but I don't know to find that out. This is my codes: <?php //check for required fields from the form if ((!isset($_POST["username"])) || (!isset($_POST["password"]))) { header("Location: index.html"); exit; } //connect to server and select database $host = 'localhost'; $username = 'simplic5_jmr3460'; $password = 'freedom98714'; $database ='simplic5_users'; $mysql = mysql_connect($host, $username, $password); mysql_select_db($database); //$mysqli = mysql_connect("$host", "$username","$password","simplic5_users"); //create and issue the query $sql = "SELECT f_name, l_name FROM auth_users WHERE username = '".$_POST["username"]."' AND password = PASSWORD('".$_POST["password"]."')"; $result = mysql_query($sql) or die(mysql_error($mysql, $sql, $result)); //get the number of rows in the result set; should be 1 if a match if (mysql_num_rows($result) == 1) { //if authorized, get the values of f_name l_name while ($info = mysql_fetch_array($result)) { $f_name = stripslashes($info['f_name']); $l_name = stripslashes($info['l_name']); } //set authorization cookie setcookie("auth", "1", 0, "/", "localhost", 0); //create display string $display_block = " <p>".$f_name." ".$l_name." is authorized!</p> <p>Authorized Users' Menu:</p> <ul> <li><a href=\"secretpage.php\">secret page</a></li> </ul>"; } else { //redirect back to login form if not authorized header("Location: index.html"); exit; } ?> <html> <head> <title>User Login</title> </head> <body> <?php echo "$display_block"; ?> </body> </html> This code will always take me back to my index.html page which is my original login page. Can anyone help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.